[Operators] Spammy servers

Kevin Smith kevin at kismith.co.uk
Fri Mar 1 22:03:44 UTC 2013


On Fri, Mar 1, 2013 at 9:59 PM, Marco Cirillo <maranda at lightwitch.org> wrote:
> expecially to the "high usage" ones (possibly more,
> those with unprotected IBR)... Did you actually ever make a census of how
> many of your concurrent users are actual human beings..?

It's not immediately clear to me how one would reliably do this - do
you have any suggestions?

> Finally, moving forward on the "how to protect account registration",
> there're several very effective measures one of which is CAPTCHA (and that
> needs to be done right, implementations like ejabberd's .. just aren't
> appropriate ..) but alone that doesn't do it obviously, you should put some
> more verification layers after that. I personally employ a long-strict
> captcha on the site form, plus an additional e-mail token verification and
> several timeframe checks (e.g. the user has to verify the account within 5
> minutes and has to do some copy & pasting...).

This sounds very thorough (and entirely reasonable). Is your setup for
doing this generally available so other servers could take advantage
of similar systems?

/K


More information about the Operators mailing list